From 76c63558940be95e934aeb15358c3e5fd8892190 Mon Sep 17 00:00:00 2001 From: NGnius Date: Wed, 26 Feb 2020 16:03:50 -0500 Subject: [PATCH] Add CORS header param --- config.go | 1 + handlers.go | 16 ++++++++++++---- sql_service.go | 5 +++++ 3 files changed, 18 insertions(+), 4 deletions(-) diff --git a/config.go b/config.go index 22a6b0e..adf0739 100644 --- a/config.go +++ b/config.go @@ -26,6 +26,7 @@ func initArgs() { flag.BoolVar(&buildTables, "build-db", false, "Build database tables on startup") flag.BoolVar(&populateTables, "populate-db", false, "Populate database with test data") flag.BoolVar(&randomizeTokens, "random-tokens", false, "Generate tokens with some random bytes") + flag.StringVar(&corsHeader, "cors-header", defaultCorsHeader, "Access-Control-Allow-Origin HTTP request header") } func parseArgs() { diff --git a/handlers.go b/handlers.go index a7f51ed..b471041 100644 --- a/handlers.go +++ b/handlers.go @@ -12,9 +12,17 @@ import ( "strings" ) +const ( + defaultCorsHeader = "*" +) + +var ( + corsHeader string +) + func boardHandler(w http.ResponseWriter, r *http.Request) { w.Header().Add("Content-Type", "application/json") - w.Header().Add("Access-Control-Allow-Origin", "*") + w.Header().Add("Access-Control-Allow-Origin", corsHeader) if r.Method != "GET" { //w.WriteHeader(405) errorResponse(405, "Non-GET method not allowed at this endpoint", w, r) @@ -76,7 +84,7 @@ func boardHandler(w http.ResponseWriter, r *http.Request) { func playerHandler(w http.ResponseWriter, r *http.Request) { w.Header().Add("Content-Type", "application/json") - w.Header().Add("Access-Control-Allow-Origin", "*") + w.Header().Add("Access-Control-Allow-Origin", corsHeader) if r.Method != "GET" { //w.WriteHeader(405) errorResponse(405, "Non-GET method not allowed at this endpoint", w, r) @@ -131,7 +139,7 @@ func playerHandler(w http.ResponseWriter, r *http.Request) { func newEntryHandler(w http.ResponseWriter, r *http.Request) { w.Header().Add("Content-Type", "application/json") - w.Header().Add("Access-Control-Allow-Origin", "*") + w.Header().Add("Access-Control-Allow-Origin", corsHeader) if r.Method != "POST" { //w.WriteHeader(405) errorResponse(405, "Non-POST method not allowed at this endpoint", w, r) @@ -183,7 +191,7 @@ func newEntryHandler(w http.ResponseWriter, r *http.Request) { func newKeyHandler(w http.ResponseWriter, r *http.Request) { w.Header().Add("Content-Type", "application/json") - w.Header().Add("Access-Control-Allow-Origin", "*") + w.Header().Add("Access-Control-Allow-Origin", corsHeader) if r.Method != "POST" { errorResponse(405, "Non-POST method not allowed at this endpoint", w, r) return diff --git a/sql_service.go b/sql_service.go index 2780794..3fa1b9a 100644 --- a/sql_service.go +++ b/sql_service.go @@ -98,6 +98,11 @@ func keyByToken(token string) (*Key, error) { return k, db.QueryRow("SELECT * FROM Keys WHERE token=? LIMIT 1;", token).Scan(k.Intake()...) } +func keyByPlayer(player int64) (*Key, error) { + k := &Key{} + return k, db.QueryRow("SELECT * FROM Keys WHERE player=? LIMIT 1;", player).Scan(k.Intake()...) +} + // internal operations func sqlBuildTables() { transaction, txErr := db.Begin()